createProductReviews.ts
/*
* Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/
import { type Request, type Response } from 'express'
import challengeUtils = require('../lib/challengeUtils')
import * as utils from '../lib/utils'
const reviews = require('../data/mongodb').reviews
const challenges = require('../data/datacache').challenges
const security = require('../lib/insecurity')
/**
 * Builds the Express handler that stores a new review for the product named
 * by the `:id` route parameter.
 *
 * Security notes for readers of this handler:
 * - `author` is copied from the request body and is never bound to the
 *   authenticated identity. The `forgedReviewChallenge` check only records
 *   that a logged-in user submitted a different author; it does not stop the
 *   insert. The challenge name suggests this is deliberate. A hardened
 *   handler would take the author from the authenticated user instead of
 *   trusting the client.
 * - When no authenticated user is found, the handler still inserts the review.
 *   NOTE(review): whether the route is protected by auth middleware is not
 *   visible here; confirm at the route registration.
 * - `message` and the product id are stored exactly as received; no type or
 *   length validation happens in this handler.
 *
 * @returns a request handler that answers 201 on success and 500 on a failed insert
 */
module.exports = function productReviews () {
  return (req: Request, res: Response) => {
    const user = security.authenticatedUsers.from(req)

    // Evaluated lazily by solveIf: truthy only for a logged-in user whose
    // e-mail differs from the client-supplied author.
    const authorIsForged = () => user && user.data.email !== req.body.author
    challengeUtils.solveIf(challenges.forgedReviewChallenge, authorIsForged)

    // Every field below except the counters comes straight from the request.
    const reviewDocument = {
      product: req.params.id,
      message: req.body.message,
      author: req.body.author,
      likesCount: 0,
      likedBy: []
    }

    const onStored = () => {
      res.status(201).json({ status: 'success' })
    }
    // NOTE(review): the error text returned to the client comes from
    // utils.getErrorMessage; check that it does not expose internal detail.
    const onFailed = (err: unknown) => {
      res.status(500).json(utils.getErrorMessage(err))
    }

    reviews.insert(reviewDocument).then(onStored, onFailed)
  }
}